Top 3 Myths About DDoS Attacks

Nowadays you don't even need to stand up to participate in a protest. You just need to find an e-flyer from a group of Internet activists, like Anonymous, that explains the target, the cause, and a simple set of instructions for downloading a cyber-attack tool which, when used en masse, can disable the computers and servers of major corporations. Or as my colleague Neil Rubenking pointed out a couple of weeks ago, you can cluelessly become roped into such an operation by clicking on the wrong link!

Distributed Denial of Service (DDoS) attacks have been around for a long time, but as the tools and strategies evolve, practically any n00b can participate. In the beginning a DDoS attack just meant flooding the network through the Internet pipe or overwhelming the firewall. This is still a popular method used against large targets like the FBI and Mastercard. But another attack vector has emerged, whereby attackers can enter the application level using HTTP and SMTP floods, which overload the computer's memory until it comes to a screeching halt.

In a white paper published this week, Radware debunks a few of the most common myths about DDoS attacks:

1. It Takes a Lot of Bandwidth
With DDoS, David can overcome Goliath. DDoS attacks don't require acres of bandwidth to disable your website. In fact, 76 percent of attacks are less than 1 Gbps and 32 percent are less than 10 Mbps, Radware found.

2. The Higher the BPS and PPS, the More Serious the Attack
Many people assume that the bigger the attack, typically measured as bytes-per-second (BPS) or packets-per-second (PPS), the more serious it is. But according to Radware, it's just as important to look at the type of attack. A smaller HTTP flood on the application level can do more damage than a larger UDP flood on the network, for instance.

3. A Firewall Should Be Your First Defense
Hackers love the firewall because it's so easy to overwhelm, Radware says. In a recent survey of customers, 24 percent said the firewall was the bottleneck of a DDoS attack. Their recommendation? Invest in DoS/DDoS mitigation hardware (yes, like the type Radware makes) that goes in front of the firewall. Network firewalls, for instance, won't protect your computers against DDoS attacks at the application level. Many firewalls have a SYN flood protection technology, but the same firewall cannot handle an HTTP flood.
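
To make myth 2 concrete from the defender's side, here is an added example (not from the Radware white paper or this article) that runs a byte-volume check and a per-client request-rate check over the same constructed access-log events. The IP addresses, paths, sizes and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed events: (seconds, client_ip, path, response_bytes)."""
    events = []
    # Legitimate visitor: six large downloads in one minute.
    for t in range(0, 60, 10):
        events.append((t, "198.51.100.7", "/downloads/iso", 50_000_000))
    # HTTP flood: 10 tiny requests per second to a costly endpoint
    # (assumed to be expensive for the server to answer).
    for i in range(600):
        events.append((i * 0.1, "203.0.113.9", "/search?q=a", 800))
    return sorted(events)

def bytes_per_client(events):
    """Total response bytes served to each client."""
    totals = defaultdict(int)
    for _, ip, _, size in events:
        totals[ip] += size
    return dict(totals)

def volume_offenders(events, max_bytes=100_000_000):
    """Clients flagged by a pure bandwidth threshold."""
    return {ip for ip, b in bytes_per_client(events).items() if b > max_bytes}

def rate_offenders(events, window=10.0, max_requests=50):
    """Clients exceeding max_requests inside any sliding window (seconds)."""
    recent = defaultdict(deque)
    offenders = set()
    for ts, ip, _, _ in events:
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            offenders.add(ip)
    return offenders

if __name__ == "__main__":
    ev = build_sample()
    print("bytes per client:", bytes_per_client(ev))
    print("flagged by volume:", volume_offenders(ev))
    print("flagged by request rate:", rate_offenders(ev))
```

On this data the bandwidth threshold flags only the legitimate downloader, while the flooding client, which transfers under half a megabyte in total, is caught only by the request-rate check.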

I don't know if DDoS attacks are on the rise per se, but their targets are entering the mainstream consciousness more and more. Just this year Anonymous mobilized an ongoing DDoS attack against the Department of Justice's website for taking down Megaupload, while Palestinian Anonymous members took down Israeli newspaper Haaretz by DDoS. We've also seen it used against the FBI, the Sony PlayStation Network, and numerous anti-Wikileaks companies.

Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true).
Prior to joining PCMag.com, Sara spent five years reporting for publications in New York City (Huffington Post), Hong Kong (South China Morning Post), and Singapore (Campaign Asia, Men's Health).
Follow her on Twitter at @SecurityWatch and @sarapyin, or contact her the...